REST API - WEBHOOK SECURITY RISK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The title is misleading because it seems like the PayPal support team never replies to anyone because I've seen a few of these posts on the forums so far with no responses.
The sandbox REST API systems seem to not work at all.
Here's my sandbox webhook configuration. We'll get back to this in a little:
Here's my `Webhooks simulator` configuration. Notice how the URL's in the image above and below are exactly the same (minus the blurred part, of course, but I assure you, those are the same as well). In the image below, I've also gone ahead and sent an event test to my sandbox API. The event id is highlighted.
Here is an image of the incoming POST from the sandbox test API. Notice how the two id's match each other exactly. So, I KNOW my API is set up to receive webhooks from PayPal.
Why then, do I not get ANY sandbox API calls when I cancel a payment, start a dispute, cancel a subscription etc. on the sandbox website? I've tried this countless times, and I'm not getting IPN notifications either (I figured that was the problem). The URLs are exactly the same, and nothing has changed on my API.
- Labels:
-
Payments REST APIs
-
Webhooks REST APIs
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can verify webhook notifications.
"Event headers for notification messages contain the PayPal-generated asymmetric signature and information that you can use to validate the signature"
https://developer.paypal.com/docs/api/webhooks/v1/#verify-webhook-signature
Haven't Found your Answer?
It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.
- Need Help Upgrading to PayPal complete payments in PayPal Upgrade Community
- How to change Continue Shopping button when shopping cart is empty? in PayPal Payments Standard
- Webhooks major security flaw in REST APIs
- PayPalClassic no longer responds in Shopware5 frontend, error message: Webhook URL in PayPal Payments Standard
- PayPal gateway has rejected this request 1% we are on Magento 2.4.2 in NVP/SOAP APIs